
Answer-first summary for fast verification
Answer: Enable VPC Flow Logs in the subnets hosting the instances.
The correct answer is to enable VPC Flow Logs in the subnets where the instances are located. VPC Flow Logs capture a sample of network flows sent to and received by VM instances, including those used as GKE nodes, facilitating network monitoring, forensics, real-time security analysis, and cost optimization. Other options are incorrect because: deploying the FluentD agent is for application and OS-specific logs, not VPC network traffic; creating a Logs Sink requires VPC Flow Logs to be enabled first; and enabling Firewall logs only captures traffic allowed or denied by specific firewall rules. For more details, refer to the documentation on using flow logs.
Author: LeetQuiz Editorial Team
Your company has deployed compute resources in VPCs within the Development Project, with applications running on GCE Instances across three VPCs. A new security requirement mandates the collection of sample network flows to and from these VM instances. Which solution best meets this requirement?
A. Deploy the FluentD agent to instances for sending application logs to Cloud Logging.
B. Enable VPC Flow Logs in the subnets hosting the instances.
C. Create a Logs Sink with an inclusion filter to sample traffic in the VPCs.
D. Enable Firewall logs on the firewall rules affecting instances in the VPCs.